can't see non-root writes to /dev/console

Carlos A. M. dos Santos unixmania at
Mon Oct 13 14:23:04 PDT 2008

On Mon, Oct 13, 2008 at 6:05 PM, Edwin Groothuis <edwin at> wrote:
> On Sun, Oct 12, 2008 at 10:23:53PM -0700, Jeremy Chadwick wrote:
>> > The ioctl call fails (EPERM) because only superuser can use TIOCCONS,
>> > regardless of the ownership of the device. Using xterm with the "-C"
>> > argument works because xterm is installed with the setuid flag bit on.
>> > So the solution is "chmod +us xconsole".
>> Can someone security audit this program before blindly setuid-root'ing
>> it?
> Isn't xconsole not just the same values as /var/log/messages?
> So information-leaking-wise it isn't a huge deal. Only the program
> itself is now the unknown.
> Edwin
> --
> Edwin Groothuis         Website:
> edwin at       Weblog:

The OpenBSD folks solved the permission issue a long time ago (*) by
means of a privilege separation feature. Take a look at

I will see if it is possible to update the xconsole port in order to do
the same. Is there any standard privilege separation framework on


cd /usr/ports/sysutils/life
make clean
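
Added example, not code from xconsole, xterm or the OpenBSD change mentioned in the message above: one way a setuid-root program can confine root to the TIOCCONS call discussed in this thread, by making that call first and then permanently returning to the invoking user's ids. The function names `grab_console` and `drop_privileges` are hypothetical, and this is early privilege dropping, a simpler technique than the privilege separation the message refers to.

```c
/* Added example (not xconsole source): one root-only call, then drop root. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel to send console output to the tty behind fd.
 * Per the thread, only the superuser may do this; others get EPERM. */
static int grab_console(int fd)
{
    int on = 1;
    return ioctl(fd, TIOCCONS, &on);
}

/* Permanently return to the invoking user's ids (setuid-root binary case).
 * Group first: once the uid is dropped, setgid() is no longer permitted. */
static int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    int rc = grab_console(STDIN_FILENO);   /* privileged step, done first */
    int saved = errno;

    if (drop_privileges() != 0) {          /* never continue holding root */
        perror("drop_privileges");
        return 2;
    }
    if (rc != 0) {
        fprintf(stderr, "TIOCCONS: %s\n", strerror(saved));
        return 1;
    }
    pause();  /* unprivileged from here on; console output goes to this tty */
    return 0;
}
```

With this ordering, everything that runs after the ioctl (in xconsole's case, the X toolkit code) executes with the invoking user's ids, which narrows what a security audit of the setuid binary has to cover.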

More information about the freebsd-stable mailing list